Plesk 12 - fail2ban logging

[Ed_Greenberg]

I have many Centos 6 based Plesk 12 servers. On most of them, fail2ban logs are always 0, and fail2ban entries go to /var/log/messages.

On a few of them, fail2ban messages go to both fail2ban.log and messages.

Comparing two of these servers that exhibit the two behaviors above, I find that both rsyslog.conf have the same sum, both fail2ban.conf have the same sum, and both rsyslog.d directories are empty.

Looking at the fail2ban source, the log facility is hardwired to 'daemon', while the priority is set to INFO in both of the fail2ban.conf files.

I can't find a difference in syslog or fail2ban that would account for this difference in behavior, and most clients would like a separate fail2ban log, since Plesk offers to display it under Tools and Settings | Fail2ban | Logs.

Can anybody help?

 

[Linulex]

It seems you have installs from different locations. Its not really hardwired in code, that's just there in case nothing is set in the config.

All my installs are from the centos 6 64 bit epel repositry. Version 0.8 of fail2ban had a seperate logfile, in 0.9 it is logged in syslog.

my /etc/fail2ban/fail2ban.conf has (again epel rpm, don't know about other rpm's or the default config distributed with source etc...)


# Option: logtarget
# Notes.: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
# Only one log target can be specified.
# If you change logtarget from the default value and you are
# using logrotate -- also adjust or disable rotation in the
# corresponding configuration file
# (e.g. /etc/logrotate.d/fail2ban on Debian systems)
# Values: [ STDOUT | STDERR | SYSLOG | FILE ] Default: STDERR
#
logtarget = SYSLOG

Just change/add it to the config and create and empty log file.
Don't forget to configure log rotation when you change it to its own log file and make sure the fail2ban deamon has permission to wright to the file.

regards
Jan